@@ -84,14 +84,20 @@ void testVerifyServerHostKeyWhenFirstConnection() throws Exception {
8484 .close ();
8585 assertThat (file , is (anExistingFile ()));
8686 List <String > lines = Files .readAllLines (file .toPath ());
87-
87+
8888 // JENKINS-73427: Verify entries are NOT hashed (no |1| prefix) to avoid malformed entries
89- assertThat ("Host key entry should be in plain format, not hashed" ,
90- lines .stream ().noneMatch (line -> line .startsWith ("|1|" )), is (true ));
91-
89+ assertThat (
90+ "Host key entry should be in plain format, not hashed" ,
91+ lines .stream ().noneMatch (line -> line .startsWith ("|1|" )),
92+ is (true ));
93+
9294 // Verify the key was added with the correct algorithm and key material
9395 assertThat (lines , hasItem (containsString ("ecdsa-sha2-nistp256" )));
94- assertThat (lines , hasItem (containsString ("AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" )));
96+ assertThat (
97+ lines ,
98+ hasItem (
99+ containsString (
100+ "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=" )));
95101 }
96102
97103 @ Test
@@ -101,7 +107,7 @@ void testMalformedHashedEntriesCanBeRead() throws Exception {
101107 // The system should log a warning but not crash with an IllegalArgumentException
102108 assumeTrue (runKnownHostsTests ());
103109 String malformedHashedEntry = KEY_ECDSA_SHA_2_NISTP_256 ;
104-
110+
105111 File mockedKnownHosts = knownHostsTestUtil .createFakeKnownHosts (malformedHashedEntry );
106112 AcceptFirstConnectionVerifier acceptFirstConnectionVerifier = spy (new AcceptFirstConnectionVerifier ());
107113 when (acceptFirstConnectionVerifier .getKnownHostsFile ()).thenReturn (mockedKnownHosts );
@@ -148,30 +154,28 @@ void testNewEntriesAreNotHashed() throws Exception {
148154
149155 assertThat (file , is (anExistingFile ()));
150156 List <String > lines = Files .readAllLines (file .toPath ());
151-
157+
152158 // Filter out any empty lines
153- List <String > nonEmptyLines = lines .stream ()
154- .filter (line -> !line .trim ().isEmpty ())
155- .collect (Collectors .toList ());
156-
159+ List <String > nonEmptyLines =
160+ lines .stream ().filter (line -> !line .trim ().isEmpty ()).collect (Collectors .toList ());
161+
157162 // The key insight: entries should be in plain format like "github.com,140.82.121.4 ssh-ed25519 ..."
158163 // NOT hashed like "|1|hash|hash ssh-ed25519 ..."
159- assertThat ("At least one entry should be created" ,
160- nonEmptyLines .size () >= 1 , is (true ));
161-
164+ assertThat ("At least one entry should be created" , nonEmptyLines .size () >= 1 , is (true ));
165+
162166 // Verify ALL entries are NOT hashed (no |1| prefix indicating hashed hostname)
163167 for (String entry : nonEmptyLines ) {
164- assertThat ("Entry should not start with |1| (hashed format): " + entry ,
165- entry .startsWith ("|1|" ), is (false ));
166-
168+ assertThat ("Entry should not start with |1| (hashed format): " + entry , entry .startsWith ("|1|" ), is (false ));
169+
167170 // Verify it contains the key type
168- assertThat ("Entry should contain key type: " + entry ,
169- entry , containsString ("ssh-ed25519" ));
171+ assertThat ("Entry should contain key type: " + entry , entry , containsString ("ssh-ed25519" ));
170172 }
171-
173+
172174 // Verify at least one entry contains the hostname in plain text
173- assertThat ("At least one entry should contain plain hostname" ,
174- nonEmptyLines .stream ().anyMatch (line -> line .contains ("github.com" )), is (true ));
175+ assertThat (
176+ "At least one entry should contain plain hostname" ,
177+ nonEmptyLines .stream ().anyMatch (line -> line .contains ("github.com" )),
178+ is (true ));
175179 }
176180
177181 @ Test
0 commit comments